@pnpm/npm-conf
Advanced tools
Comparing version 2.0.2 to 2.0.3
'use strict'; | ||
const fs = require('fs'); | ||
const path = require('path'); | ||
const envReplace = require('@npmcli/config/lib/env-replace.js'); | ||
// https://github.com/npm/cli/blob/latest/lib/config/core.js#L406-L420 | ||
const envReplace = str => { | ||
if (typeof str !== 'string' || !str) { | ||
return str; | ||
} | ||
// Replace any ${ENV} values with the appropriate environment | ||
const regex = /(\\*)\$\{([^}]+)\}/g; | ||
return str.replace(regex, (orig, esc, name) => { | ||
esc = esc.length > 0 && esc.length % 2; | ||
if (esc) { | ||
return orig; | ||
} | ||
if (process.env[name] === undefined) { | ||
throw new Error(`Failed to replace env in config: ${orig}`); | ||
} | ||
return process.env[name]; | ||
}); | ||
}; | ||
// https://github.com/npm/cli/blob/latest/lib/config/core.js#L359-L404 | ||
@@ -73,3 +50,3 @@ const parseField = (types, field, key) => { | ||
field = envReplace(field); | ||
field = envReplace(field, process.env); | ||
@@ -76,0 +53,0 @@ if (isPath) { |
{ | ||
"name": "@pnpm/npm-conf", | ||
"version": "2.0.2", | ||
"version": "2.0.3", | ||
"description": "Get the npm config", | ||
@@ -24,2 +24,3 @@ "license": "MIT", | ||
"dependencies": { | ||
"@npmcli/config": "^6.1.0", | ||
"@pnpm/network.ca-file": "^1.0.1", | ||
@@ -26,0 +27,0 @@ "config-chain": "^1.1.11" |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
25
28156
3
874
+ Added@npmcli/config@^6.1.0
+ Added@isaacs/cliui@8.0.2(transitive)
+ Added@npmcli/config@6.4.1(transitive)
+ Added@npmcli/map-workspaces@3.0.6(transitive)
+ Added@npmcli/name-from-folder@2.0.0(transitive)
+ Added@pkgjs/parseargs@0.11.0(transitive)
+ Addedabbrev@2.0.0(transitive)
+ Addedansi-regex@5.0.16.1.0(transitive)
+ Addedansi-styles@4.3.06.2.1(transitive)
+ Addedbalanced-match@1.0.2(transitive)
+ Addedbrace-expansion@2.0.1(transitive)
+ Addedci-info@4.0.0(transitive)
+ Addedcolor-convert@2.0.1(transitive)
+ Addedcolor-name@1.1.4(transitive)
+ Addedcross-spawn@7.0.3(transitive)
+ Addedeastasianwidth@0.2.0(transitive)
+ Addedemoji-regex@8.0.09.2.2(transitive)
+ Addedforeground-child@3.3.0(transitive)
+ Addedglob@10.4.5(transitive)
+ Addedini@4.1.3(transitive)
+ Addedis-fullwidth-code-point@3.0.0(transitive)
+ Addedisexe@2.0.0(transitive)
+ Addedjackspeak@3.4.3(transitive)
+ Addedjson-parse-even-better-errors@3.0.2(transitive)
+ Addedlru-cache@10.4.3(transitive)
+ Addedminimatch@9.0.5(transitive)
+ Addedminipass@7.1.2(transitive)
+ Addednopt@7.2.1(transitive)
+ Addednpm-normalize-package-bin@3.0.1(transitive)
+ Addedpackage-json-from-dist@1.0.1(transitive)
+ Addedpath-key@3.1.1(transitive)
+ Addedpath-scurry@1.11.1(transitive)
+ Addedproc-log@3.0.0(transitive)
+ Addedread-package-json-fast@3.0.2(transitive)
+ Addedsemver@7.6.3(transitive)
+ Addedshebang-command@2.0.0(transitive)
+ Addedshebang-regex@3.0.0(transitive)
+ Addedsignal-exit@4.1.0(transitive)
+ Addedstring-width@4.2.35.1.2(transitive)
+ Addedstrip-ansi@6.0.17.1.0(transitive)
+ Addedwalk-up-path@3.0.1(transitive)
+ Addedwhich@2.0.2(transitive)
+ Addedwrap-ansi@7.0.08.1.0(transitive)